CVE Reference: CVE-2006-2460

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2460

Description: Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.

CVE Status: Candidate

References:
XF http://xforce.iss.net/xforce/xfdb/26451
ST 1016087
SREASON http://securityreason.com/securityalert/921
SAID Secunia Advisory: SA20072
OSVDB 25532
MISC http://retrogod.altervista.org/sugar_suite_42_incl_xpl.html
MILW0RM http://milw0rm.com/exploits/1785
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/434009/100/0/threaded
BID 17987